[Owasp-board] OWASP BOARD - REQUEST FOR COMMENTS/RE: Call for OWASPSummer of Code's 2008 reviewers

Sebastien Deleersnyder seba at deleersnyder.eu
Sun Jun 1 09:57:44 UTC 2008


Pierre, Mike (e-mail?),

 

>Still a project specific question: Mike proposes in the ASVS project to 

>have an 'Owasp certificate', that would be issued by the Owasp (without 

>guarantee) against a fee. Is this compatible with the Owasp status ? and 

>with Owasp available man power ?

 

I think it is too early for this project to consider 'owasp certifications'.

 

I understand you first goal is to set out a standard framework? It is a big
leap to go to certification from there.

 

For me it does not make sense to have the same organisation layout standards
and 'certifying' subjects (people/organisations?) against this standard
(based on what criteria?)

 

Regards

 

Seba

 

 

 

  _____  

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: vrijdag 30 mei 2008 17:05
To: 'Pierre Parrend'
Cc: 'OWASP Foundation Board List'
Subject: [Owasp-board] OWASP BOARD - REQUEST FOR COMMENTS/RE: Call for
OWASPSummer of Code's 2008 reviewers

 

Pierre,

 

I hope you are well.

 

I am glad to hear that you are already working with Mike Boberski. WRT the
Board confirmation, I will get back to you soon with more information and
details 

 

Regarding the Phil Potisk & Richard Conway's project, as you know, I have
asked them to confirm you as Second Reviewer but I am still waiting for
answer. I'll keep you updated.

 

Concerning the reviewer role, I confirm your point of view. 

 

Additionally, on the one hand and on the top of what was said in the first
email about this issue (Subject: Call for OWASP Summer of Code's 2008
reviewers), I would say that is preferable to keep a clear distinction
between author(s)/contributors and reviewers. I believe that clear and
distinctive roles create the scientific/technical conditions to have final
improved deliveries. However, to me, to be a reviewer means, at least, to
point out scientific/technical and methodological mistakes, to propose paths
to follow, to propose tools and documentation/bibliography to be studied and
consulted.

 

On the other hand, we don't want to over define everything - keeping in mind
that our proposed main goal is to deliver the best results possible within
the given timetable, we encourage teamwork. Still, we will always be here if
you find advantage in consulting us for anything you think we can help with.

 

With respect to the 'project specific question', I am redirecting you to
OWASP Board. I am sure that your question will be answered as soon as
possible. 

 

Keep up with the good work. Thank you. 

 

Paulo Coimbra

OWASP Project Manager

 

 

 

-----Original Message-----
From: Pierre Parrend [mailto:pierre.parrend at insa-lyon.fr] 
Sent: 26 May 2008 20:46
To: Paulo Coimbra
Subject: Re: Call for OWASP Summer of Code's 2008 reviewers

 

Dear Paulo,

 

 I have begun working with Mike Boberski for the review of the ASVS 

project. I have read I thus need official agreement from the owasp, how 

is it processed ?

 

I also have a couple of questions:

 

- I also would be interested in reviewing the online code signing 

project. Is there still some need for reviewer ? can you please confirm 

me the mail of the project leaders ? I think it to be 

techierebel at yahoo.co.uk, but would like to be sure before spamming,

 

- is the expected role of reviewer detailed somewhere ? The obvious part 

is the 50%/100% assessment. I assume that regular feedback on the 

project, and maybe additional input can be of great help to improve the 

quality of the documentation. Can you just confirm me that this is in 

the frame of the Owasp reviews ?

 

Still a project specific question: Mike proposes in the ASVS project to 

have an 'Owasp certificate', that would be issued by the Owasp (without 

guarantee) against a fee. Is this compatible with the Owasp status ? and 

with Owasp available man power ?

 

thanks for this information,

 

cheers,

 

Pierre

No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 269.24.4/1474 - Release Date: 30/05/2008
7:44


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080601/ec4205d6/attachment-0002.html>


More information about the Owasp-board mailing list